Information Security Officer

Virginia Economic Devel Partnership

$120K — $160K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of 8-10 years in information security or IT risk management
  • 3-5 years of experience in security leadership for enterprise programs
  • Experience in public sector or regulated environments preferred
  • Professional certification such as CISSP, CISM, or CISA required
  • Proficient in risk assessments, security audits, and compliance reviews

Responsibilities

  • Serve as the designated Information Security Officer (ISO) for VEDP
  • Manage an information security program aligning with Commonwealth of Virginia policies
  • Develop and enforce security policies, standards, and procedures
  • Create security awareness and training programs for all agency staff
  • Implement appropriate security controls based on data sensitivity and risk
  • Lead audit and assessment activities with stakeholders
  • Oversee third-party security reviews and vendor risk assessments
  • Partner with IT teams to enhance security operations and incident response

Benefits

  • Professional development opportunities
  • Collaboration with executive leadership and external partners
  • Engagement with impactful public sector projects
  • Comprehensive information security program management
  • Ability to influence organization-wide cybersecurity posture
Full Job Description
The Virginia Economic Development Partnership (VEDP) is seeking a strategic and experienced Information Security Officer to lead VEDP's Information Security Program. The successful candidate will be responsible for developing, implementing, and maintaining a comprehensive information security program that protects the confidentiality, integrity, and availability of VEDP's information assets and technology resources. This role serves as the designated Information Security Officer (ISO) and provides leadership in cybersecurity governance, risk management, compliance, security operations, incident response, and security awareness across the organization. The position works closely with executive leadership, business units, technology teams, auditors, and external partners to ensure VEDP maintains a mature and effective security posture.

Responsibilities:

  • Serve as VEDP's designated Information Security Officer (ISO)
  • Develop and manage an information security program that meets or exceeds the requirements of Commonwealth of Virginia (COV) IT security policies and standards in a manner commensurate with risk
  • Develop and maintain information security policies, standards, procedures, and guidelines
  • Develop and maintain an information security awareness and training program for agency staff, including contractors and IT service providers
  • Implement and maintain the appropriate balance of preventative, detective and corrective controls for VEDP IT systems commensurate with data sensitivity, risk and systems criticality in conjunction with IT leadership
  • Lead system audit and assessment activities by coordinating with internal and external partners, managing audit requests through completion
  • Lead cybersecurity governance, risk management, privacy, and compliance initiatives
  • Oversee third-party security reviews, vendor risk assessments, and security-related contractual requirements
  • Partner with IT leadership and technology teams to implement security operations, change management, threat management, vulnerability management, and incident response
  • Coordinate with leadership on business continuity, disaster recovery, and cyber resilience planning efforts
  • Develop and deliver executive-level reporting for the leadership and metrics on cybersecurity risks and program effectiveness


Skills:

  • Experience implementing and managing cybersecurity controls aligned with NIST-based frameworks, including COV SEC530 or similar
  • Ability to balance security requirements with business objectives
  • Experience developing and enforcing security policies, standards, and procedures
  • Experience with security awareness and organizational change management initiatives
  • Knowledge of security operations, threat management, vulnerability management, and incident response
  • Strong analytical and problem-solving skills
  • Excellent written and verbal communication skills
  • Ability to communicate technical risks to executive and non-technical audiences
  • Strong leadership, project management, and stakeholder engagement skills


Experience:

  • Minimum of 8-10 years of progressive experience in information security, cybersecurity, or IT risk management
  • Minimum of 3-5 years of security leadership experience managing enterprise security programs
  • Experience working within public-sector or regulated environments preferred
  • Professional security certification(s) such as CISSP, CISM, CISA, or equivalent
  • Experience conducting risk assessments, security audits, and compliance reviews


Being authorized to work in the U.S. is a precondition of employment. VEDP uses the E-Verify system and does not provide sponsorship.

All candidates must apply through our website https://www.vedp.org/careers. A valid Virginia driver's license is required. Salary Range: $120,000-$160,000. Application deadline: July 17, 2026.

Similar Jobs

More Jobs at Virginia Economic Devel Partnership

More Information Technology Jobs

Find similar Information Security Officer jobs: